
Anatomy of a Secure Connection
Secure connections over air
• Not every 802.11 device is friendly or honorable
• It is very easy to forget that your frames, the signal coming from
your AP, radiate outward and travel as far as they can. They will reach
unwanted users who may have mischievous intent.
• The 802.11 standard offers wireless security mechanisms that can be used
to add trust, privacy and integrity to your wireless network
802.11 Security mechanism
• Authentication: In a wireless network, a client attempting to associate
itself with an AP should authenticate itself. But if you have open
authentication, it defeats the purpose of security.
• We have all been in public places where wireless is free and the SSID
is broadcast. This is very dangerous: if it is open authentication,
DON’T USE IT. It could be a rogue AP trying to bait users onto it
and obtain your information
• At a minimum you should create a password that users must type in,
so they can gain access to the wireless network.
• NO Password NO wireless NO exceptions
Message Privacy
• We now have some sort of security: we have created a password that
users must type in so they can gain access to the wireless network
• But what happens when your data is being transmitted through free
space? It is in clear text and still vulnerable to interception.
• You should also use some sort of encryption, so when your data
leaves the AP, it is now scrambled and you have minimized the
probability of your data being compromised.
• KEY WORD MINIMIZED.
Message Privacy
• We now have a password and we have encrypted the data that’s
traveling through untrusted waters.
• But how do we know that the data has not been tampered with?
• We can use something called a Message Integrity Check or MIC. What
a MIC essentially does is put a secret picture in your encrypted data;
this secret picture is based entirely on your data bits.
• When the receiver gets your encrypted signal, it also has to
agree with the secret picture, based on the data bits it received. If they
match, you have navigated treacherous waters without injury.
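The MIC exchange described above, as an added example that is not part of the original slides: the sender appends a keyed tag computed over every data bit, and the receiver recomputes it and drops the frame on any mismatch. HMAC-SHA256 truncated to 8 bytes stands in for the real 802.11 MIC algorithm, encryption is left out so the payload stays readable, and the key, payload and function names are constructed for the demo.

```python
import hashlib
import hmac

MIC_LEN = 8  # assumption: tag truncated to 8 bytes for this demo

# Constructed sample values, not taken from any real network.
KEY = b"demo-shared-integrity-key"
PAYLOAD = b"transfer 10 credits to alice"


def _mic(key: bytes, payload: bytes) -> bytes:
    """The 'secret picture': a keyed digest over every bit of the payload."""
    return hmac.new(key, payload, hashlib.sha256).digest()[:MIC_LEN]


def protect(key: bytes, payload: bytes) -> bytes:
    """Sender side: append the MIC to the payload before transmission."""
    return payload + _mic(key, payload)


def verify(key: bytes, frame: bytes):
    """Receiver side: recompute the MIC; return the payload or None."""
    if len(frame) < MIC_LEN:
        return None  # too short to even carry a MIC
    payload, received = frame[:-MIC_LEN], frame[-MIC_LEN:]
    # compare_digest avoids leaking how many leading bytes matched
    if not hmac.compare_digest(received, _mic(key, payload)):
        return None
    return payload


def flip_bit(frame: bytes, bit_index: int) -> bytes:
    """Simulate in-flight tampering by inverting a single bit."""
    out = bytearray(frame)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


if __name__ == "__main__":
    frame = protect(KEY, PAYLOAD)
    print("intact frame   :", verify(KEY, frame))
    print("payload bit hit:", verify(KEY, flip_bit(frame, 3)))
    print("MIC bit hit    :", verify(KEY, flip_bit(frame, len(frame) * 8 - 1)))
    print("wrong key      :", verify(b"some-other-key", frame))
```
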
Intrusion Protection
• Both the client and the AP are active participants in securing the
connection between them, so the data they are exchanging can be
secure.
• Wireless Intrusion Detection Systems can monitor wireless activity
and compare that against a database of known signatures or patterns.
• Controllers have a set of 17 signatures that they can match.
• Controller based IDS can also detect rogue APs and contain them.
• Cisco Prime Infrastructure (PI) is a wireless management system that
can go even further offering wIPS or Wireless Intrusion Prevention.
